This script is Copyright (C) 2009-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing one or more security updates.
Updated krb5 packages that fix various security issues are now
available for Red Hat Enterprise Linux 5.
This update has been rated as having important security impact by the
Red Hat Security Response Team.
Kerberos is a network authentication system which allows clients and
servers to authenticate to each other using symmetric encryption and a
trusted third party, the Key Distribution Center (KDC). The Generic
Security Service Application Program Interface (GSS-API) definition
provides security services to callers (protocols) in a generic
fashion. The Simple and Protected GSS-API Negotiation (SPNEGO)
mechanism is used by GSS-API peers to choose from a common set of
An input validation flaw was found in the ASN.1 (Abstract Syntax
Notation One) decoder used by MIT Kerberos. A remote attacker could
use this flaw to crash a network service using the MIT Kerberos
library, such as kadmind or krb5kdc, by causing it to dereference or
free an uninitialized pointer. (CVE-2009-0846)
Multiple input validation flaws were found in the MIT Kerberos GSS-API
library's implementation of the SPNEGO mechanism. A remote attacker
could use these flaws to crash any network service utilizing the MIT
Kerberos GSS-API library to authenticate users or, possibly, leak
portions of the service's memory. (CVE-2009-0844, CVE-2009-0845)
All krb5 users should upgrade to these updated packages, which contain
backported patches to correct these issues. All running services using
the MIT Kerberos libraries must be restarted for the update to take
See also :
Update the affected packages.
Risk factor :
Critical / CVSS Base Score : 10.0